1. Field of the Invention
The present invention relates to information handling systems and more particularly to an adaptive system behavior change on a malware trigger.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
One important issue for information handling systems relates to protecting the information handling system from malicious software (also referred to as malware). Malware generally refers to any type of hostile, intrusive, or annoying software. Malware is software used or created to disrupt operation of the information handling system, gather sensitive information, or gain access to private information handling systems. Malware can appear in the form of code, scripts, active content, and other software. The complexity and dynamics of a malware and anti-malware ecosystem can often cause users to be deceived into performing sensitive tasks when the information handling system is not secure. In addition, malware can also subvert devices such as cameras and microphones into operation unobtrusively to the user and at undesired times. With some malware type infections, a user may only be presented with warnings for a brief interval before the I/O subsystem (such as a display subsystem) is subverted and made to appear as if all is well.
One attempt to address this issue is via System Health Agents (SHA). SHAs can refuse to complete connections and take other tasks based on an assessment of the systems security. However, often SHAs are limited to software effects or upstream signaling. Additionally, enterprise virus or malware scanners can provide an ability to notify administrators and others on scan failures.